Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for authenticating a user to a target server, said method comprising: receiving, by one or more processors of a computer system, a request from a user computer system to authenticate the user for access to N−1 target servers of N target servers at respective levels 1 through N−1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−1 target servers at the respective levels 1 through N−1 if N is at least 3; accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1; receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−1 target servers at the respective levels 1 through N−1; in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store; determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.
2. The method of claim 1, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
3. The method of claim 1, wherein the method further comprises: determining, by the one or more processors, that there is a mismatch between the stored authentication plan and the current authentication plan; and resolving, by the one or more processors, the mismatch.
4. The method of claim 3, wherein said resolving the mismatch comprises requiring additional authentication information.
5. The method of claim 3, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
6. The method of claim 1, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.
7. The method of claim 1, wherein the at least the partial match is an exact match.
8. The method of claim 1, wherein N is at least 3.
9. A computer program product, comprising one or more computer-readable hardware storage devices storing program instructions stored which, upon being executed by a computer, perform a method for authenticating a user to a target server, said method comprising: receiving, by one or more processors of a computer system, a request from a user computer system to authenticate the user for access to N−1 target servers of N target servers at respective levels 1 through N−1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−1 target servers at the respective levels 1 through N−1 if N is at least 3; accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1; receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−1 target servers at the respective levels 1 through N−1; in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store; determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.
10. The computer program product of claim 9, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
11. The computer program product of claim 9, wherein the method further comprises: determining, by the one or more processors, that there is a mismatch between the stored authentication plan and the current authentication plan; and resolving, by the one or more processors, the mismatch.
12. The computer program product of claim 11, wherein said resolving the mismatch comprises requiring additional authentication information.
13. The computer program product of claim 11, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
14. The computer program product of claim 9, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.
15. A computer system, comprising one or more processors, one or more memories, and one or more computer readable hardware storage devices storing program instructions which, being executed by the one or more processors via the one or more memories, perform a method for authenticating a user to a target server, said method comprising: receiving, by the one or more processors a request from a user computer system to authenticate the user for access to N−1 target servers of N target servers at respective levels 1 through N−1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−1 target servers at the respective levels 1 through N−1 if N is at least 3; accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1; receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−1 target servers at the respective levels 1 through N−1; in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store; determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.
16. The computer system of claim 15, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
17. The computer system of claim 15, wherein the method further comprises: determining, by the one or more processors, that there is a mismatch between the stored authentication plan and the current authentication plan; and resolving, by the one or more processors, the mismatch.
18. The computer system of claim 17, wherein said resolving the mismatch comprises requiring additional authentication information.
19. The computer system of claim 17, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
20. The computer system of claim 15, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.
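An illustrative sketch of the plan comparison recited in claims 1, 3, 4, 6 and 7, added here as an example and not taken from the patent or any implementation of it. The names `AuthRecord`, `evaluate_plans` and `min_fact_ratio`, the sample server identifiers, and the rule used to decide what counts as a "partial match" are all assumptions, since the claims do not define a threshold.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthRecord:
    level: int       # position in the nesting, 1..N-1
    server_id: str   # server identifier (claim 6)
    event_fact: str  # authentication event fact (claim 6); values here are constructed

def evaluate_plans(stored, current, n_levels, min_fact_ratio=1.0):
    """Compare the current plan with the stored plan for access to level N.

    Returns (decision, levels_to_review). Assumed policy, not from the claims:
    every level 1..N-1 must show the expected server, and at least
    min_fact_ratio of the event facts must equal the expected ones.
    """
    required = set(range(1, n_levels))
    if n_levels < 2 or {r.level for r in stored} != required:
        raise ValueError("stored plan must cover levels 1..N-1 exactly, N >= 2")
    current_by_level = {r.level: r for r in current}
    broken_hops, fact_diffs = [], []
    for expected in sorted(stored, key=lambda r: r.level):
        seen = current_by_level.get(expected.level)
        if seen is None or seen.server_id != expected.server_id:
            broken_hops.append(expected.level)   # chain of prior logins is incomplete
        elif seen.event_fact != expected.event_fact:
            fact_diffs.append(expected.level)
    if broken_hops:
        return "step_up", broken_hops            # mismatch: require more authentication (claim 4)
    ratio = 1 - len(fact_diffs) / len(stored)
    if ratio >= min_fact_ratio:
        return "authenticate", fact_diffs        # exact (claim 7) or partial match
    return "step_up", fact_diffs

# Constructed sample: N = 3, so levels 1 and 2 gate access to the level-3 server.
STORED = [AuthRecord(1, "gw-01", "password+otp"), AuthRecord(2, "jump-02", "ssh-key")]
EXACT = list(STORED)
WEAKER = [AuthRecord(1, "gw-01", "password+otp"), AuthRecord(2, "jump-02", "password")]
SKIPPED = [AuthRecord(1, "gw-01", "password+otp")]

if __name__ == "__main__":
    print(evaluate_plans(STORED, EXACT, 3))
    print(evaluate_plans(STORED, WEAKER, 3))
    print(evaluate_plans(STORED, WEAKER, 3, min_fact_ratio=0.5))
    print(evaluate_plans(STORED, SKIPPED, 3))
```

The returned level list is what an audit log or step-up prompt would key on: a lowered `min_fact_ratio` admits the weaker level-2 login, while a skipped level never authenticates regardless of the ratio.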
Unknown
June 20, 2017